Source hostname instead of source_ip

kmroz · February 28, 2017, 7:00pm

Hello, is there any way to have a source_hostname instead of source_ip. I am looking to monitor traffic data and it seems there is only a choice by IP but hostname would be more useful since we wouldn't have to keep track of every IP.

Thanks,
Kenny

jkuang · February 28, 2017, 7:24pm

Are you referring to the monitoring module that comes with X-Pack?

kmroz · February 28, 2017, 7:27pm

no packetbeat,

i would like to use hostnames instead of IP's

andrewkroh · March 1, 2017, 4:14pm

What hostname would you like to see? What protocols are you talking about here?

There is a reverse lookup filter in Logstash that can add hostnames to events.

kmroz · March 1, 2017, 4:27pm

how can this be done through logstash? is there a way to do this through elasticsearch as i am not sending any packetbeats to logstash.

andrewkroh · March 1, 2017, 4:35pm

You need Logstash for that. See https://www.elastic.co/guide/en/logstash/current/plugins-filters-dns.html

kmroz · March 1, 2017, 4:37pm

ok, ill give this a shot thanks!

system · March 29, 2017, 4:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Name in place of IP Beats packetbeat	6	1104	October 24, 2019
Record originating IP of filebeats Logstash	4	2527	July 6, 2017
Logstash to ignore beat.hostname to set as host , and use logstash server hostname as o/p Logstash	1	469	December 15, 2016
How to match IP address to hostname without dns [Solved] Logstash	6	18986	July 6, 2017
Getting Ip-Adress from Filebeat-Client Logstash	2	1358	August 18, 2017

Source hostname instead of source_ip

Related topics